HP Online Exclusive: Digitalization, 'not a revolution, but an evolution' - Siemens VP

Houston, TX - Oil and gas leaders from both private industry and government met prior to the International Society of Automation’s (ISA) technical conference, PCS 2018—Process Industry Event, to discuss strategies for combatting a rise in cyber attacks in the energy industry.

The half-day workshop, “Using the Power of Analytics to Address Cybersecurity,” was hosted by ISA and sponsored by Siemens.

Leo Simonovich, Vice President and Global Head of Industrial Cyber and Digital Security at Siemens presented opening remarks for the workshop focusing on how digital tools can be leveraged to address cybersecurity concerns.

Leo Simonovich, Siemens Vice President and Global Head, Industrial Cyber and Digital Security
Leo Simonovich, Siemens Vice President and Global Head, Industrial Cyber and Digital Security

“We’ve heard that going on the digitalization journey is like sending an invitation out to criminals to try to hack you,” Simonovich said. “The reality is that digitalization – and specifically analytics – is integral to securing the full energy value chain.”

Simonovich asked that leaders see not just the business opportunity behind digitalization and analytics, but the security opportunity as well. He identified three distinct challenges during his presentation.

Digitalization can still feel like a far-off concept.

“I’ll go on the record here and say that a common buzz-phrase – digital transformation – is actually a bit misleading. It’s misleading because, when something transforms, you end up with something drastically different from what you started out with. You imagine a new version replacing the old version. And frankly, let’s say you’re a control engineer or plant manager, that’s a bit overwhelming when taking into account everything already on your plate,” Simonovich said.

According to Simonovich, the key is to think of digital transformation as taking the next logical step. “What we’re really talking about isn’t a revolution, but an evolution. The evolution has already delivered IT to oil and gas.” The next step is to merge IT with OT and to connect OT by bringing equipment and physical assets online. “That’s when companies can start analyzing data they produce in a strategic way – which is exactly what oil and gas leaders need right now in such a competitive market.”

It’s difficult to focus on deploying new technology when already investing so much energy into fending off cybercriminals.

A rise in cyber attacks has made it difficult for companies to trust a digital future. Siemens and Ponemon Institute surveyed over 300 oil and gas companies on how they were grappling with cybersecurity. The study found that 68 percent of oil and gas enterprises surveyed had suffered a security compromise in the past year, with OT being a prime target.

“Two-thirds of respondents believed attacks against industrial control systems had increased during the past few years – with breaches exposing confidential information and disrupting OT operations. And only a third of those surveyed thought OT and IT were fully aligned for cybersecurity,” Simonovich said. “Meanwhile, a still-low number – 35 percent – rated their readiness to address cyber threats as high. Which helps explain why close to half of all attacks in OT are going undetected.”

The good news, according to Simonovich, is there is now more awareness on the issue of security and an eagerness to combat it. He cited a quote by U.S. Energy Secretary, Rick Perry that was said during a grant announcement for a program that incentivizes new approaches to making the energy sector more resilient to cyber attacks. “Protecting the nation’s energy delivery systems from cyber-threats is a top national priority.”

Simonovich explained that digital technology and cybersecurity are evolving too quickly for government to keep pace and create effective regulations. “Siemens certainly thinks government has an important role to play in terms of articulating standards and best practices, but there’s no question that the onus is on us in the private industry, to drive solutions—particularly when it comes to technology.”

We saw a need to provide more transparency and more visibility.

To use analytics as a security tool, you need to be able to see the data and gather insights in real time. You need visibility into the virtual side of the operation.

Simonovich described a parallel to the U.S. military using night vision technology. “It was more than half a century ago that Army researchers started working on night-vision technology. They wanted to empower soldiers to see as clearly in darkness as they could in light. And it all started with a principle that you simply can’t defeat an enemy who you can’t see. Fast forward to this summer—the Army issued new technology that gives soldiers night-vision capabilities once thought to be impossible. One general said this will enable soldiers to, ‘own the environment’ on their missions.”

New Siemens technology

“Now, going forward, Siemens will continue to view the development of technology as a way private industry can lead on cybersecurity.”

Simonovich highlighted a new monitoring platform by Siemens that better manages risk. The new system detects risks early by maintaining “good cyber hygiene,” lets operators know quickly when a cyber threat has entered into OT so they can isolate and respond, and furthers understanding of how and why a system was exploited, minimizing future exposure. 

“We wanted to use analytics and machine learning to provide context,” Simonovich said. “So, you can understand what’s happening, you can prioritize resources, and you can take action. This is what we call security analytics.”

Charter of Trust

Siemens believes in investing in more than just technology, but also the people who will use it. “While some say robots will take over; we say it’s humans who teach machines how to learn. And while analytics will flag an abnormality and provide context, it is human expert who will have the full story and make decisions.”

As analytics increase knowledge, professionals shouldn’t be afraid to work together and forge new partnerships. “That’s why, earlier this year, Siemens launched a new global alliance called the Charter of Trust,” Simonovich said, “Through the Charter of Trust, we’re working collectively to set the bar for standards and best practices to secure critical infrastructure in the digital age.”

In closing, Simonovich said monitoring platforms will benefit all companies that deploy them, but it’s important for companies to learn and share more of what they learn. “That’s one important way that private industry can lead and answer the call to do more to advance a secure, digital world.”

From the Archive

Comments